When it comes to my "red" network, yeah, I'm paranoid... Two firewalls and now a forever sniffer... Stuff like Nests and others that have back doors go between the firewalls...

On 02/18/2018 11:20 AM, TJ Trout wrote:
You sound like a paranoid flat earther :)

On Sun, Feb 18, 2018 at 8:12 AM, Robert <[email protected]> wrote:

    Could be phoning home, but now I've got s/w trying to phone into my
    DNS servers...

    On 2/18/18 8:04 AM, Chuck McCown wrote:

        You sure it is not just the camera phoning home for a software
        update?

        -----Original Message-----
        From: Robert
        Sent: Sunday, February 18, 2018 8:43 AM
        To: [email protected]
        Subject: [AFMUG] To good to be true... it was...

        Frick'n peoples republic. So I bought a couple of those $300 PTZ
        cameras. & my monitoring system saw some attempts to intrude from
        inside my network. So I am now on the alert and when the cameras
        start up I see some traffic when there shouldn't be. It's the cameras
        reaching out from the 10 net... To this address....

        Now I have to consider part of my core compromised...

        whois 112.124.0.188

        #
        # ARIN WHOIS data and services are subject to the Terms of Use
        # available at: https://www.arin.net/whois_tou.html
        #
        # If you see inaccuracies in the results, please report at
        # https://www.arin.net/public/whoisinaccuracy/index.xhtml
        #


        #
        # Query terms are ambiguous.  The query is assumed to be:
        #     "n 112.124.0.188"
        #
        # Use "?" to get help.
        #

        #
        # The following results may also be obtained via:
        #
        https://whois.arin.net/rest/nets;q=112.124.0.188?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2

        #

        NetRange:       112.0.0.0 - 112.255.255.255
        CIDR:           112.0.0.0/8
        NetName:        APNIC-112
        NetHandle:      NET-112-0-0-0-1
        Parent:          ()
        NetType:        Allocated to APNIC
        OriginAS:
        Organization:   Asia Pacific Network Information Centre (APNIC)
        RegDate:        2008-05-26
        Updated:        2010-07-30
        Comment:        This IP address range is not registered in the ARIN database.
        Comment:        For details, refer to the APNIC Whois Database via
        Comment:        WHOIS.APNIC.NET or http://wq.apnic.net/apnic-bin/whois.pl
        Comment:        ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
        Comment:        for the Asia Pacific region. APNIC does not operate networks
        Comment:        using this IP address range and is not able to investigate
        Comment:        spam or abuse reports relating to these addresses. For more
        Comment:        help, refer to http://www.apnic.net/apnic-info/whois_search2/abuse-and-spamming
        Ref:            https://whois.arin.net/rest/net/NET-112-0-0-0-1

        ResourceLink:   http://wq.apnic.net/whois-search/static/search.html
        ResourceLink:   whois.apnic.net

        OrgName:        Asia Pacific Network Information Centre
        OrgId:          APNIC
        Address:        PO Box 3646
        City:           South Brisbane
        StateProv:      QLD
        PostalCode:     4101
        Country:        AU
        RegDate:
        Updated:        2012-01-24
        Ref:            https://whois.arin.net/rest/org/APNIC

        ReferralServer: whois://whois.apnic.net
        ResourceLink:   http://wq.apnic.net/whois-search/static/search.html

        OrgTechHandle: AWC12-ARIN
        OrgTechName:   APNIC Whois Contact
        OrgTechPhone:  +61 7 3858 3188
        OrgTechEmail:  [email protected]
        OrgTechRef:    https://whois.arin.net/rest/poc/AWC12-ARIN

        OrgAbuseHandle: AWC12-ARIN
        OrgAbuseName:   APNIC Whois Contact
        OrgAbusePhone:  +61 7 3858 3188
        OrgAbuseEmail:  [email protected]
        OrgAbuseRef:    https://whois.arin.net/rest/poc/AWC12-ARIN


        #
        # ARIN WHOIS data and services are subject to the Terms of Use
        # available at: https://www.arin.net/whois_tou.html
        #
        # If you see inaccuracies in the results, please report at
        # https://www.arin.net/public/whoisinaccuracy/index.xhtml
        #

        % [whois.apnic.net]
        % Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

        % Information related to '112.124.0.0 - 112.127.255.255'

        % Abuse contact for '112.124.0.0 - 112.127.255.255' is '[email protected]'

        inetnum:        112.124.0.0 - 112.127.255.255
        netname:        ALISOFT
        descr:          Aliyun Computing Co., LTD
        descr:          5F, Builing D, the West Lake International Plaza of S&T
        descr:          No.391 Wen'er Road, Hangzhou, Zhejiang, China, 310099
        country:        CN
        admin-c:        ZM1015-AP
        tech-c:         ZM877-AP
        tech-c:         ZM876-AP
        tech-c:         ZM875-AP
        mnt-by:         MAINT-CNNIC-AP
        mnt-irt:        IRT-CNNIC-CN
        status:         ALLOCATED PORTABLE
        last-modified:  2014-07-30T03:22:02Z
        source:         APNIC

        irt:            IRT-CNNIC-CN
        address:        Beijing, China
        e-mail:         [email protected]
        abuse-mailbox:  [email protected]
        admin-c:        IP50-AP
        tech-c:         IP50-AP
        auth:           # Filtered
        remarks:        Please note that CNNIC is not an ISP and is not
        remarks:        empowered to investigate complaints of network abuse.
        remarks:        Please contact the tech-c or admin-c of the network.
        mnt-by:         MAINT-CNNIC-AP
        last-modified:  2017-11-01T08:57:39Z
        source:         APNIC

        person:         Li Jia
        address:        NO.969 West Wen Yi Road, Yu Hang District, Hangzhou
        country:        CN
        phone:          +86-0571-85022088
        e-mail:         [email protected]
        nic-hdl:        ZM1015-AP
        mnt-by:         MAINT-CNNIC-AP
        last-modified:  2014-07-30T02:02:01Z
        source:         APNIC

        person:         Guoxin Gao
        address:        5F, Builing D, the West Lake International Plaza of S&T
        address:        No.391 Wen'er Road, Hangzhou City
        address:        Zhejiang, China, 310099
        country:        CN
        phone:          +86-0571-85022600
        fax-no:         +86-0571-85022600
        e-mail:         [email protected]
        nic-hdl:        ZM875-AP
        mnt-by:         MAINT-CNNIC-AP
        last-modified:  2014-07-30T01:56:01Z
        source:         APNIC

        person:         security trouble
        e-mail:         [email protected]
        address:        5th,floor,Building D,the West Lake International Plaza of S&T,391#Wen’er Road
        address:        Hangzhou, Zhejiang, China
        phone:          +86-0571-85022600
        country:        CN
        mnt-by:         MAINT-CNNIC-AP
        nic-hdl:        ZM876-AP
        last-modified:  2013-07-08T02:56:02Z
        source:         APNIC

        person:         Guowei Pan
        address:        5F, Builing D, the West Lake International Plaza of S&T
        address:        No.391 Wen'er Road, Hangzhou City
        address:        Zhejiang, China, 310099
        country:        CN
        phone:          +86-0571-85022088-30763
        fax-no:         +86-0571-85022600
        e-mail:         [email protected]
        nic-hdl:        ZM877-AP
        mnt-by:         MAINT-CNNIC-AP
        last-modified:  2013-07-09T01:34:02Z
        source:         APNIC

        % Information related to '112.124.0.0/14AS37963'

        route:          112.124.0.0/14
        descr:          Addresses from CNNIC
        country:        CN
        origin:         AS37963
        mnt-by:         MAINT-CNNIC-AP
        last-modified:  2016-07-20T02:08:03Z
        source:         APNIC

